Understanding the concept and system of personal information protection
Description
Book Introduction
“Personal information and privacy are no longer confined to the level of existing data or information, but rather are recognized as requiring management of the entire process of information creation, use, and destruction through a sophisticatedly designed system.
Furthermore, personal information and privacy protection should no longer be considered a subset of information security, but rather an independent academic discipline and area of specialization.” This recognition remains valid today, and is the background for the publication of the second edition of this book.
The second edition has been significantly revised compared to the first edition, focusing on personal information protection in cloud environments, which has recently become an issue. Furthermore, changes in each area due to the revision of the Personal Information Protection Act have been faithfully reflected based on the expertise of the writing team.
This book has been designed to be a useful resource for students and privacy practitioners who have studied previous editions.

Table of Contents
PART 01 Current Status of Personal Information Protection System
CHAPTER 01 · Personal Information Protection Certification and Evaluation System
1.1 Privacy Certification Mark
1.1.1 PRIVACY Certification Mark Overview
1.1.2 Privacy Certification Mark History
1.1.3 Privacy Certification Mark Review Procedure
1.1.4 Privacy Certification Mark Evaluation Criteria
1.1.5 Privacy Certification Mark References
1.2 Cross-Border Privacy Rules (CBPR) certification
1.2.1 CBPR Certification Overview
1.2.2 CBPR Certification System
1.2.3 CBPR Certification References
1.3 ISMS-P Certification
1.3.1 ISMS-P Certification Overview
1.3.2 ISMS-P Certification System
1.3.3 ISMS-P Certification References
1.4 ISO/IEC 27001 Certification
1.4.1 ISO/IEC 27001 Certification Overview
1.4.2 ISO/IEC 27001 Certification Procedures and Criteria
1.4.3 ISO/IEC 27001 Certification References
1.5 Information Security Readiness Assessment System
1.5.1 Overview of the Information Security Readiness Assessment System

CHAPTER 02 · Personal Information Impact Assessment
2.1 Overview of the Privacy Impact Assessment
2.1.1 Concept of Personal Information Impact Assessment
2.1.2 Privacy by Design (PbD)
2.1.3 Overseas Cases Related to Personal Information Impact Assessment
2.2 Personal Information Impact Assessment System
2.2.1 Relevant laws and regulations
2.2.2 Impact assessment target and implementation period
2.2.3 Impact assessment agency and implementing personnel
2.2.4 Impact Assessment Implementation System
2.2.5 Evaluation Criteria
2.3 Personal Information Impact Assessment Procedure
2.3.1 Preliminary Preparation Stage
2.3.2 Impact Assessment Implementation Steps
2.3.3 Implementation Steps

CHAPTER 03 · Establishment and Application of the ISMS-P Personal Information Protection Management System
3.1 Overview
3.2 Preparing for Personal Information Protection Management System (ISMS-P) Certification
3.2.1 ISMS-P Certification System
3.2.2 ISMS-P Certification Target and Scope
3.2.3 ISMS-P Certification Procedure and Benefits
3.3 Requirements and Application Methods for Each Personal Information Processing Stage
3.3.1 Protection measures and application when collecting personal information
3.3.2 Protection measures and application when retaining and using personal information
3.3.3 Protective measures when providing personal information
3.3.4 Protective measures and application when personal information is destroyed
3.3.5 Protection and Application of Data Subject Rights
| References |


PART 02 Personal Information Protection by Key Area
CHAPTER 04 · Measures to Ensure Personal Information Security in a Cloud Environment
4.1 Technical, administrative, and physical safeguards for personal information
4.4.1 Overview
4.2 Internal Management Plan
4.2.1 Matters concerning the designation of a personal information protection officer
4.2.2 Matters concerning the qualifications and designation of the personal information protection manager
4.2.3 Matters concerning the roles and responsibilities of the personal information protection officer and personal information handler
4.2.4 Matters concerning management, supervision, and education of personal information handlers
4.2.5 Matters concerning management of access rights
4.2.6 Matters concerning access control
4.2.7 Matters concerning encryption of personal information
4.2.8 Matters concerning storage and inspection of connection records
4.2.9 Matters concerning prevention of malware, etc.
4.2.10 Matters concerning vulnerability inspection to prevent personal information leakage, theft, etc.
4.2.11 Matters concerning physical safety measures
4.2.12 Matters concerning the establishment and implementation of a plan to respond to personal information leaks
4.2.13 Matters concerning risk analysis and management
4.2.14 Matters concerning the management and supervision of the trustee when entrusting personal information processing work.
4.2.15 Matters concerning the establishment, amendment, and approval of the personal information internal management plan.
4.2.16 Other matters necessary for personal information protection
4.2.17 Personal Information Protection Officer and Personal Information Handler Training
4.2.18 Management of internal management plan revision history and inspection of internal management plan implementation status
4.3 Managing Access Rights
4.3.1 Access Rights Management
4.3.2 Access Granting Record Management
4.3.3 Application of authentication methods
4.3.4 Account lockout due to long-term inactivity and abnormal access
4.4 Access Control
4.4.1 Establishing an intrusion prevention and detection system
4.4.2 Application of secure authentication and access methods
4.4.3 Blocking leaks through websites, P2P, and shared settings
4.4.4 Automatic system access blocking (session timeout)
4.4.5 Protecting Business Mobile Devices
4.4.6 Internet network blocking measures
4.5 Personal Information Encryption
4.5.1 Encryption in Transmission
4.5.2 Encryption at rest
4.6 Access Log Management
4.6.1 Storage of access records
4.6.2 Checking connection logs
4.7 Malware Prevention
4.8 Physical Safety Measures
4.9 Disaster · Disaster Preparedness Safety Measures
4.10 Protection measures when printing · copying
4.11 Destruction of Personal Information
4.12 Application of safety measures standards for public system operation agencies

CHAPTER 05 · Financial Personal Information Protection Compliance
5.1 Financial Privacy Compliance Requirements
5.1.1 Definition of Personal Credit Information
5.1.2 Collection of Personal Credit Information
5.1.3 Use of Personal Credit Information
5.1.4 Provision of Personal Credit Information
5.1.5 Processing of Unique Identification Information and Sensitive Information
5.1.6 Entrustment of personal credit information processing tasks
5.1.7 Transfer of personal credit information due to business transfer, acquisition, etc.
5.1.8 Safe Management of Personal Credit Information
5.1.9 Disclosure of Credit Information Utilization System · Establishment and Disclosure of Personal Information Processing Policy
5.1.10 Credit Information Management · Appointment of a Guardian and Personal Information Protection Officer
5.1.11 Destruction (deletion) of personal (credit) information
5.1.12 Guaranteeing the rights of data subjects
5.1.13 Measures to take in case of leakage (leakage) of personal (credit) information
5.2 Key Issues in Financial Privacy Protection
5.2.1 Continuous Information Security Evaluation
5.2.2 Personal Information Entrustment Management
5.2.3 MyData System
| References |

CHAPTER 06 · Key Contents and Latest Status of the Revised Data 3 Act
6.1 Revised Data 3 Laws
6.1.1 Data 3 Laws
6.1.2 Revised Personal Information Protection Act
6.1.3 Revised Credit Information Act
6.1.4 Revised Information and Communications Network Act
6.2 Comprehensive Revision of the Personal Information Protection Act
6.2.1 Overview
6.2.2 Key Contents


PART 03 Personal Information Protection Application Technology
CHAPTER 07 · Understanding the concept, processing methods, and procedures for pseudonymized information
7.1 Introduction
7.2 Overview
7.2.1 Understanding Terminology
7.2.2 Understanding Pseudonymous Information
7.2.3 Status of systems related to pseudonymized information
7.3 Procedures for processing pseudonymized information
7.3.1 Overview
7.3.2 Step 1: Preliminary preparations, including setting objectives
7.3.3 Step 2: Risk Assessment
7.3.4 Step 3: Pseudonymization
7.3.5 Step 4: Adequacy Review
7.3.6 Step 5: Safe Management
7.3.7 Standards for pseudonymizing unstructured data
7.4 Conclusion
| References |

[Attachment 1] Identification Risk Review Checklist
[Attachment 2] Report on the Results of the Identification Risk Review
[Attachment 3] Personal information pseudonymization technology
[Attachment 4] Pledge
[Attachment 5] Appropriateness Review Results Report
[Attachment 6] Pseudonymous Information Processing Management Ledger

CHAPTER 08 · Personal Information Protection Enhancement Technology
8.1 Personal Information Protection Enhancement Technology
8.2 Relationship between Personal Information Protection and Information Security Technology
8.3 Personal information protection enhancement technology
8.3.1 Homomorphic Encryption
8.3.2 Differential Privacy
8.3.3 Generative Adversarial Networks
8.3.4 Identity Management
8.3.5 Zero-knowledge proof
8.3.6 Federated Learning
8.3.7 Secure Multiparty Computing
8.3.8 Trusted Execution Environment
8.3.9 Retrieving Privacy Information

CHAPTER 09 · Personal Information Life Cycle (Collection-Destruction) Management
9.1 Definition of Personal Information
9.2 Collection of Personal Information
9.2.1 How we collect personal information
9.2.2 Separate consent required when collecting unique identification information
9.2.3 Separate consent required when collecting sensitive information.
9.2.4 When collecting personal information from children under the age of 14, consent from a legal representative is required.
9.2.5 Consent required for automatically collected personal information
9.2.6 Frequently occurring violations related to consent
9.3 Use of Personal Information
9.3.1 Check whether you agree to receive advertising information and pay attention to the following when sending.
9.3.2 Precautions when sending advertisements at night
9.3.3 Notification and confirmation of consent to receive advertising information every two years
9.3.4 Other precautions regarding advertising push notifications from applications
9.4 Provision of Personal Information
9.4.1 What is entrustment of personal information processing?
9.4.2 Required Information When Entrusting Personal Information Processing
9.4.3 What is a Third Party Provider?
9.5 Destruction of Personal Information
9.5.1 How long should personal information be retained?
9.5.2 Destruction of personal information whose retention period has expired
9.5.3 Dormant Account Management
9.6 Guaranteeing the rights of data subjects
GOODS SPECIFICS
- Date of issue: October 20, 2025
- Page count, weight, size: 382 pages | 188*257*30mm
- ISBN13: 9791168331860
- ISBN10: 1168331862
